Scores of contests at the annual DEF CON event reveal hacker culture in its Baroque glory, with tests of social engineering and IoT hacking skills taking center stage.
Consumer advocates and proponents of right to repair laws in 17 states have a new enemy to worry about. The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers.*
There are plenty of standards that can be used to help secure The Internet of Things, but not much evidence that they’re being used, according to NIST, which calls on government and industry to settle on conforming standards for IoT products in a new report.
Podcast: Play in new window | Download (Duration: 39:57 — 45.7MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s podcast: researcher Kevin Fu of University of Michigan discusses his work on attacks that use physics to manipulate connected devices. Also: Mark Loveless of DUO discusses his research into how poor implementation of wireless protocols make personal security trackers a privacy risk. And have we seen peak ransomware? Adam Kujawa of the firm Malwarebytes joins us to talk about the findings of that company’s State of Malware Report.
In this, our 70th episode of The Security Ledger podcast, we speak withXu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what’s next for his company.